Bug Reports - Page 18 - Burp Suite User Forum

Collaborator "payload" field not correct when using multiple tokens

Perhaps there is a scenario I'm missing where this is a useful feature, but I suspect it is a bug. You have two tokens: abc.oastify.com xyz.oastify.com You make a request `curl -X https://abc.oastify.com -d...

Issue whilst running multiple Burp instances

Hello, On the latest version v2021.4.2 whilst running two or more instances of Burp (working on different projects) the embedded browser will not work as expected. Expected will be for each Burp instance to start a...

Secure connection failed with proxy enabled

When I try to access sites with HSTS implemented I get this error: Secure connection failed An error occurred while connecting to www.google.com. The page you are trying to view cannot be displayed because the...

Burp Suite Certified Practitioner Gateway Timeout

Hello, While doing my exam, I'm getting "Server Error: Gateway Timeout (3)" after modify host header. Is this an intended behavior?

Unable to connect to shop.tesla.com

Vanilla Burp install, latest patches. Verified by another user, with different install, different network, name servers etc. Simply times out. Not seeing anything out of Burp at all. No TCP/TLS etc. Disabling the...

Host validation bypass via connection state attack

When trying to solve the lab, instead of getting redirected back to the home page I get a 403 Forbidden. I've follow the written guide and step 3 does not behave as expected.

Burp built in browser not connecting to the internet.

Hi, I am having a bit of a problem when running burp's integrated web browser for intercepting, as I run it and enter a website like google.com for example, burp will not intercept and the browser will return an error...

progress lost

I have lost my whole progress.I finished doing the apprentice level learning path then I lost my progress. The web application was opened in two page. In burp chromium and in my regular browser.

File Signature Bytes

Hello, I'm a user of Burp Suite Community Edition only. I'm testing by sending a request include a file with Content-type:multipart/form-data. A problem occurred if the file was manipulated by adding a JPG signature...

Browser header sec-ch-ua is empty causing all requests to be blocked

Just installed Burp Pro v2023.6.2 Opened Browser and every request to my company's sites are rejected. We use a WAF that blocks requests containing empty header values. The header being sent with no value is...

File search and buttons don't work

I'm currently using the latest stable version of the Windows Desktop version. For some reason, whenever I'm trying to select a wordlist in Intruder or a session file, it doesn't work and all buttons loose all...

Internal browser forces HTTPS after update

Hello! I am using the internal browser in Burp Suite, and after updating the community edition to version 2023.10.3.1 the browser forces HTTPS when I try to go to a HTTP site, and I get the error message "Unsupported or...

CSRF value = null when Request sent thru Burpsuite

When I send a request in the Repeater or Intruder, the CSRF Token in the Response show value = Null? However, within the History Tab of the Proxy, the CSRF value show the actual value. But in the Repeater, Macros, and...

Enterprise Edition 2023.9.1 scans running days and failing

Since the update to 2023.9.1 scans that would take less than an hour are taking days and failing. No changes were made to the applications being scanned and no configuration changes were made to scans. CPU usage is at 100%...

wiener:peter not working in Lab: User ID controlled by request parameter with password disclosure

Hi, I am unable to complete this lab because the login credentials I was provided, wiener:peter, is not working. I believe that this lab needs to be reset.

Basic clickjacking with CSRF token protection can't be solved

https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected I have tried with firefox and chrome.I am doing exactly what the solution says and I have also watched the community solutions.But none of them work...

Failed to create burp project cannot parse null string - Burp Suite Professional

os: windows 10 version: burp suite Burp Suite Professional v2023.10.2.3 / installed version of Burp error : An error occurred when starting a project with the selected options. Failed to create Burp project: Cannot...

Lab: Exploiting NoSQL operator injection to extract unknown fields

Hello, I post in bug reports because I dont know what else to do XD Is the lab mentioned in the subject working as intended? I have tried four times, if not more, to solve this lab and everytime I try to change the...

I accedentally deleted wiener account.

I accedentally deleted the wiener account while testing my exploit in "Basic clickjacking with CSRF token protection" lab. After I read the solution, I learned that the lab would be reset after 20 minutes but now it's not...

Network is unreachable when connected to the internet via Apple USB phone. Burp proxy works normal when using normal router

Hello, I'm having problems using burp when I use my mobile data for testing but not problems at all when using the normal router connection. How do I configure?